New Tool: web2intel
About
Script to fetch malicious domain and URL lists from sites that publish RSS feeds or raw HTML pages.
Download
To obtain the tool, please visit https://github.com/andrewsmhay/web2intel and download the associated files or simply run the following command at your command prompt:
$ git@github.com:andrewsmhay/web2intel.git
Supported Lists
- The Abuse.ch SSL block list
- The Quttera malicious, suspicious, and potentially suspicious domains database
- John Bambenek’s Gameover Zeus list
- DNS-BH – Malware Domain Blocklist
- SANS Internet Storm Center LOW, MEDIUM, and HIGH confidence block lists
- Sucuri Security’s scanner identified iframe, conditional redirection, and encoded javascript web site list
Usage
./web2intel.rb <option> <extras>
For command syntax, please visit the GitHub repository.
Example 1 – Domains only
$ ./web2intel.rb --sucuri_iframe
#Title: Sucuri Research Labs Hidden iframes list
#2014-07-20 15:08:14 -0700
....list of domains....
Example 2 – Full URLs
$ ./web2intel.rb --sucuri_iframe --urls
#Title: Sucuri Research Labs Hidden iframes list
#2014-07-20 15:08:42 -0700
....list of URLs....
Support
For any questions, bugs, or concerns, please use the GitHub issue submission system and/or reach out to @andrewsmhay on Twitter.
© Andrew Hay, 2014